:''Tomb is 100% free and open source software to make strong encryption easy to use.''

:''Tomb is 100% free and open source software to make strong encryption easy to use.''

:''A tomb is like a locked folder that can be safely transported and hidden in a filesystem.''

:''A tomb is like a locked folder that can be safely transported and hidden in a filesystem.''

Line 9:

Line 12:

Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.

Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.

+

You can install {{AUR|tomb}} from the [[Arch User Repository]].

−

You can install {{AUR|tomb}} from the aur using {{ic|yaourt -S tomb}}

+

== Installation ==

+

+

tomb is not present in the official repositories, but has his own repository:

+

+

{{bc|<nowiki>[crypto]

+

SigLevel = Required

+

Server=http://tomb.dyne.org/arch_repo/$arch</nowiki>}}

+

add these two lines to your /etc/pacman.conf, then

+

{{bc|pacman -Syyu

+

pacman -S crypto/tomb}}

+

+

Otherwise, you can install {{AUR|tomb}}, available in the [[Arch User Repository]].

+

+

=== Bleeding edge ===

+

+

If you want to check out the development version, you can install {{ic|tomb-git}} from the "crypto" repo (the same as above),

+

or {{AUR|tomb-git}} from the [[Arch User Repository]].

== Using tomb ==

== Using tomb ==
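Review bot: the added [crypto] entry sets SigLevel = Required but never says which key signs the repository or how to import it, and the Server line fetches over plain HTTP (Server=http://tomb.dyne.org/arch_repo/$arch). With SigLevel = Required, pacman refuses the packages until the signing key is in the keyring and trusted, so readers will hit signature errors or be tempted to lower SigLevel; name the signing key and its fingerprint, and give the pacman-key steps. Smaller points in the same hunk: "add these two lines" follows a three-line block, "has his own repository" should read "its own", pacman -Syyu forces a refresh of every database where pacman -Syu is enough, and the sentence pointing to {{AUR|tomb}} is now added twice (once on its own and once at the end of the Installation section).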

Line 22:

Line 42:

tomb open /path/to/mysecret.tomb}}

tomb open /path/to/mysecret.tomb}}

−

This will create a 200MegaBytes tombfile, placing the key just next to the tomb (which is bad for security).

+

This will create a 200MB tombfile, placing the key just next to the tomb (which is bad for security).

+

+

{{ic|tomb-open}} is much simpler. Calling it without arguments will launch a wizard for tomb creation; it will provide a simple way to put the keyfile on a usb key, to provide effective two-factor authentication.

+

Calling it with a single argument will try to open the specified tomb:

+

$ tomb-open /path/to/mysecret.tomb

+

Even in this case, support for retrieving the key from USB is automagical.

+

+

== Tomb Usage ==

+

+

Syntax: tomb [options] command [file] [place]

−

{{ic|tomb-open}} is way easier to use. Calling it without arguments will launch a wizard for tomb creation; it will provide a simple way to put the keyfile on a usb key, to provide effective two-factor.

+

Commands:

−

Calling it with a single argument will try to open a tomb. {{bc|tomb-open /path/to/mysecret.tomb}}. Even in this case,

+

create create a new tomb FILE and its keys

−

support for retrieving the key from USB is automagical.

+

open open an existing tomb FILE on PLACE

+

list list all open tombs or the one called FILE

+

close close the open tomb called FILE (or all)

+

slam close tomb FILE and kill all pids using it

+

passwd change the password of a tomb key FILE

+

+

Options:

+

-s size of the tomb file when creating one (in MB)

+

-k path to the key to use for opening a tomb

+

-n don't process the hooks found in tomb

+

-o mount options used to open (default: rw,noatime,nodev)

+

-h print this help

+

-v version information for this tool

+

-q run quietly without printing informations

+

-D print debugging information at runtime

== Advanced features ==

== Advanced features ==

* steganography (to hide the key inside a jpeg/wav file)

* steganography (to hide the key inside a jpeg/wav file)

−

* bind hooks: can mount some of its subdirectories as "bind" to some other. Suppose, for example, you'd like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run {{ic|tomb open}} it will automatically bind that directories into the right places. This way you'll easily get an encrypted firefox profile, or maildir.

+

* bind hooks: can mount some of its subdirectories as "bind" to some other. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run {{ic|tomb open}} it will automatically bind that directories into the right places. This way you will easily get an encrypted firefox profile, or maildir.

* post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.

* post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.
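Review bot: the new "Tomb Usage" section adds the help output (Syntax:, Commands:, Options: and their entries) as bare lines rather than inside {{bc|...}}, so the wiki will reflow it into running text; the added "$ tomb-open /path/to/mysecret.tomb" line has the same problem, whereas the removed version had it in {{bc}}. Wrap both in {{bc}}. The reworded paragraph still says that placing the key next to the tomb "is bad for security" without showing the alternative; a sentence pointing at the -k option listed in the added usage text would close that gap. In the bind hooks item, "bind that directories" should be "bind those directories", and the section title would be more consistent with the other headings as "Tomb usage".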

Revision as of 02:20, 8 February 2014

Tomb is 100% free and open source software to make strong encryption easy to use.

A tomb is like a locked folder that can be safely transported and hidden in a filesystem.

Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.

Tomb aims to be simple-to-use software for managing "encrypted directories", called tombs. A tomb can only be opened if you have both the keyfile and the password. It also has advanced features, like steganography.

Bleeding edge

If you want to check out the development version, you can install tomb-git from the "crypto" repo (the same as above),
or tomb-git from the Arch User Repository.

Using tomb

Tomb is meant to be used from the console as a single, non-interactive script.
It also provides tomb-open, a simple interactive script that helps you
create a tomb, open it, and retrieve keys from USB.

This will create a 200MB tombfile, placing the key just next to the tomb (which is bad for security).

tomb-open is much simpler. Calling it without arguments launches a wizard for tomb creation, which offers a simple way to put the keyfile on a USB key and so get effective two-factor authentication.
Calling it with a single argument will try to open the specified tomb:

$ tomb-open /path/to/mysecret.tomb

Even in this case, support for retrieving the key from USB is automagical.
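
The two-factor property only holds while the key is stored away from the tomb. The following is an added example, not part of the original page or of the Tomb project: a shell function that reports whether a key file sits beside its tomb, elsewhere on the same filesystem, or on a separate one. The function names and the secret.tomb.key file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: classify where a tomb key lives relative to its tomb.
# key_placement TOMB KEY prints one of:
#   adjacent         key is in the same directory as the tomb
#   same-filesystem  different directory, same mounted filesystem
#   separate         key is on another filesystem (for example a USB stick)
#   missing          one of the two files does not exist
# Exit status is 0 only for "separate".

# Physical directory that contains a file (symlinked directories resolved).
dir_of() {
    (cd "$(dirname "$1")" && pwd -P)
}

# Mount point of the filesystem holding a path: last column of POSIX df
# output. Mount points containing spaces are not handled.
mount_of() {
    df -P "$1" | awk 'NR == 2 { print $NF }'
}

key_placement() {
    tomb=$1
    key=$2
    if [ ! -f "$tomb" ] || [ ! -f "$key" ]; then
        echo "missing"
        return 2
    fi
    if [ "$(dir_of "$tomb")" = "$(dir_of "$key")" ]; then
        echo "adjacent"
        return 1
    fi
    if [ "$(mount_of "$tomb")" = "$(mount_of "$key")" ]; then
        echo "same-filesystem"
        return 1
    fi
    echo "separate"
}

# Usage (paths are hypothetical):
#   key_placement /path/to/mysecret.tomb /media/usb/mysecret.tomb.key
```

A result of "same-filesystem" still means that anyone who copies the disk gets both halves; only "separate" matches the USB-stick setup described above.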

Tomb Usage

Syntax: tomb [options] command [file] [place]

Commands:
  create   create a new tomb FILE and its keys
  open     open an existing tomb FILE on PLACE
  list     list all open tombs or the one called FILE
  close    close the open tomb called FILE (or all)
  slam     close tomb FILE and kill all pids using it
  passwd   change the password of a tomb key FILE

Options:
  -s       size of the tomb file when creating one (in MB)
  -k       path to the key to use for opening a tomb
  -n       don't process the hooks found in tomb
  -o       mount options used to open (default: rw,noatime,nodev)
  -h       print this help
  -v       version information for this tool
  -q       run quietly without printing informations
  -D       print debugging information at runtime

Advanced features

* steganography (to hide the key inside a jpeg/wav file)
* bind hooks: a tomb can mount some of its subdirectories as "bind" mounts onto other directories. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. You can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run tomb open it will automatically bind those directories into the right places. This way you will easily get an encrypted firefox profile, or maildir.
* post hooks: commands that are run when the tomb is opened or closed. You can imagine a lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.
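
Because the hook configuration lives inside the tomb, a tomb received from elsewhere can be opened with -n first and its bind hooks inspected before they are processed. The following is an added example, not from the original page or the Tomb project: a linter that assumes a two-column file (path inside the tomb, then path under $HOME), a format this page does not specify, and rejects entries that would leave those two trees. The function name and sample entries are constructed.

```shell
#!/bin/sh
# Added example: lint a bind-hooks style file before hooks are processed.
# Assumed format (not stated on this page), one entry per line:
#   <path inside the tomb> <path under $HOME>
# lint_bind_hooks FILE prints one "ok" or "reject" line per entry and
# returns non-zero if any entry was rejected.
lint_bind_hooks() {
    awk '
        /^[ \t]*$/ { next }    # skip blank lines
        {
            why = ""
            if (NF != 2)
                why = "expected 2 columns"
            else if ($1 ~ /^\// || $2 ~ /^\//)
                why = "absolute path"
            else if ($1 ~ /(^|\/)\.\.(\/|$)/ || $2 ~ /(^|\/)\.\.(\/|$)/)
                why = "parent-directory component"

            if (why != "") {
                bad = 1
                printf "reject line %d: %s (%s)\n", NR, $0, why
            } else {
                printf "ok line %d: %s -> $HOME/%s\n", NR, $1, $2
            }
        }
        END { exit bad }
    ' "$1"
}

# Usage (path is hypothetical; open the tomb with -n first so that no
# hook runs before it has been read):
#   lint_bind_hooks /path/to/mountpoint/bind-hooks
```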